Security Tools to protect your home network and your devices

TheFORCE Senior Member Member Posts: 2,298
We all use really sophisticated security tools at work, IPS/IDS, firewalls, SIEMs, PMP tools, IAM tools, GPOs, etc. with various alerting methods, thresholds, analytics and reporting. We all know those tools are expensive and seriously many times only offered for big companies.

What I would like to know is what you all use for your own home networks or home labs to protect against viruses, data loss, data leakage, monitoring of network statistics, monitoring of network status, any type of reporting tools on the site activities that take place on your home networks, open ports, OS hardening techniques, etc.
If you could provide any tools that would be great.
I'm currently using Dashlane for password management and setting up Nessus and SolarWinds, but really stuck on what is the best approach to use these tools and need some opinions from fellow TEs.

Comments

  • 636-555-3226 Member Posts: 976
    Microsoft Security Essentials for AV. I'm not too susceptible to viruses with my current download activity.
    Chrome security tightening. Adblock plus, HTTPS Everywhere, click-to-play plugins
    KeePass for passwords
    Bitlocker for disk encryption
    Acronis True Image nightly full backups, encrypted & pw protected of course. Copy the latest image to an external that I keep in the office & bring in once a month for off-site backups
    OpenDNS for the kids
    Regular User accounts for the kids.
    I think that's it.
    I could run things like Splunk or Bro, but doing my cost/benefit analysis it was a no-brainer to not even think any further about doing that craziness.
  • jdancer Member Posts: 482
    Are you looking to replicate enterprise level tools for the home? Since I'm a big fan of open-source, I use the following:

    Zabbix
    OSSEC
    Logstash/Elasticsearch/Kibana
    backuppc.sourceforge.net
    dnsmasq
    PassiveDNS from Github
    FireHOL
  • BlackBeret Member Posts: 684
    pfSense and Security Onion.
  • TheFORCE Senior Member Member Posts: 2,298
    I've heard good things about pfSense but I noticed they were on the latest CVEs for remote code execution vulnerabilities. I'll take a look at the tools mentioned, do they work on Linux or Windows or both? Also, how are you guys running these, on a dedicated machine or on your main machine that you use for surfing?
  • digitheads Member Posts: 39
    Watchguard Firebox & Eset security suite - awesome combo...
  • stryder144 Senior Member Member Posts: 1,684
    I have done a few things:

    1. Install ZoneAlarm
    2. Install Firefox with EFF's Privacy Badger and HTTPS Everywhere, NoScript Suite, and Adblock Plus extensions added
    3. Install Bitdefender - free edition
    4. Install Avast! Free - overkill, I suppose, but it quietly sits right alongside of Bitdefender without any conflicts
    5. Eraser - for when a file truly, completely needs to be wiped...you know, for those special emails that shouldn't be sent to your home account!
    6. CCleaner - set up to wipe using a minimum DoD 3-wipe on less powerful computers and 7-wipe on better configured devices
    7. MalwareBytes - free version for those times when you're feeling extra paranoid (or about once every two weeks or so)
    8. Emsisoft Emergency Kit - again, paranoia isn't too much, is it?
    9. Microsoft's Enhanced Mitigation Experience Toolkit - to make sure that other programs are locked down(ish)
    10. Microsoft's Baseline Security Analyzer
    11. BelArc Advisor - it looks for security updates for Windows and common applications and alerts you (via red text), it also looks for default, but vulnerable, accounts
    12. On our Windows and Mac OS X computers, we have all users log in with a standard account. The Windows 7 Home Premium computer has Group Policy Editor installed and all software installs are prohibited without admin password (I realize that a standard user account shouldn't be able to install software but have seen it fail, I haven't yet seen a policy fail)
    13. In the process of getting the motivation to set up the 4TB MyCloud drive for data backups. I know I should set it up but have no motivation. I regularly back up my own computer, I'm just too lazy right now to set up backup for the other computers.
    14. My home router is set up for maximum security.

    I thought about building a tiny box to house Sophos UTM Home Edition. Naturally, that would require a complete reconfiguration of my home network. Frankly, I don't have a convenient place to put the box that would house the UTM and my wife is very sensitive to too much tech equipment near our modem (which is in the kitchen). Once we move next year, hopefully I will have the presence of mind to have our demarc point in my office. We will see, I suppose.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • gespenstern Member Posts: 1,243
    Actually, nothing. Just common sense. Since I'm in control of everything bad things never happened to me because I'm a cautious and very reserved guy. Which means that I have no history of incidents. Which means that I can't do a correct risk assessment and analysis. Which means that expenses presented to a part of my brain that is responsible for budgeting can't be justified. It just won't approve, I tried.
  • wes allen Member Posts: 540
    Timely OS and 3rd party patches
    Limited user account
    EMET
    Adblock and noscript
    No Flash/Java installed (other than chrome, and flash is disabled there).
    1Password
    MFA on all online accounts that support it.
    AppLocker currently, but since I can't buy a copy of Windows Enterprise as a non-enterprise org, I will be going to Win 10 Pro once my 90 day trial of 8.1 Enterprise expires.
  • Justin- Member Posts: 300
    I think this thread would be great if it could be stickied. Everyone just inputs their opinions on what they use at home, and it could really be useful for new members in the field of Security.

    Just my opinion, though.
  • cowill Member Posts: 93
    Replying to subscribe.....great thread...
  • Deathmage Banned Posts: 2,496
    I use a Sonicwall IPS/IDS/GW-AV at home for a firewall and then have an 8 TB NAS which I use Veeam to do backups of the VMware hosts and my personal PCs, on top of countless 1-4TB externals. I also use McAfee and Avira AV. Everyone sits on about 6 APC UPS 1500's, a big fan of CCleaner and Malwarebytes.
  • Mike-Mike Member Posts: 1,860
    Currently just using Microsoft for AV, but I think I'm about to get that Trend Micro.

    I do have Malwarebytes Anti-malware premium, and their semi-new Anti-Exploit product.


    I also have UPS' everywhere, multiple external hard drives, and I'm pretty heavy in the cloud with Google Drive, OneDrive and Dropbox. Using MSecure and Keeper Security for password management.
    Currently Working On

    CWTS, then WireShark
  • Mooseboost Senior Member Member Posts: 775
    Bitlocker for encryption. Have been running BitDefender, but it is on its way out to be replaced probably with MalwareBytes. I don't boot up the home PC these days for much more than gaming, so I don't worry about it too much. I have an off-line PC that I use for my lab, so security isn't a major concern for it.
    2020 Certification Goals: OSCE GXPN
    Blog: https://hackfox.net